RE: Problems accessing SSL encrypted webpages in SBS 2003

Hello Customer,

Thank you for posting here.

According to your description, I understand that you can not access OWA and
RWW from Internet via SSL. If I have misunderstood the problem, please
don't hesitate to let me know.

Based on my research, I suggest we try the following steps to see if we can
resolve this issue:

Step 1:
Please open Server Management console, navigate to 'To Do List' and click
'Connect to the internet' in the right panel. The wizard can help us
configure the networking settings for a SBS server. It's strongly
recommended to use the wizard to configure the SBS server.

More info:
825763 How to configure Internet access in Windows Small Business Server
2003
http://support.microsoft.com/?id=825763

This wizard will publish the OWA and RWW.

Detailed steps for your reference:

1. On the SBS 2003 Server open the Server Management console. Go to
Standard Management\To Do List.

2. Click the "Connect to the Internet" link.

3. When navigating to the Firewall page, select "Enable firewall" and click
Next (I suppose you have 2 network adapters in SBS 2003).

4. On the "Services Configuration" page, select all the items and then
click Next.

5. On the "Web Services Configuration" page, make sure "Allow access to the
entire Web site from the Internet" is selected. If you select "Allow access
to only the following Web site services from the Internet", make sure both
the "Remote Web Workplace" and "Outlook Web Access" item are selected.
Click Next.

6. On the "Web Server Certificate" page, choose to create a new Web server
certificate and then type the public FQDN that you will use to access OWA
(for example, if your public FQDN that you use to access the sites is
mail.xyz.com, you should type mail.xyz.com as the new certificate name).

Note: If you do not have registered FQDN, you need input Public IP address
of SBS Server when creating Certificate.

7. Go through the remaining steps.

After that the wizard will automatically publish the RWW and OWA for
internet access and create new server certificate for SSL.

Step 2:
Please ensure you have forward the TCP port 3389, 4125, 80, 443 and 444
from router to SBS external NIC. You can try to telnet these ports (except
4125) from Internet, to confirm the connection of your network.

Then you can access RWW via https://mail.xyz.com/remote/ and access OWA via
https://mail.xyz.com/exchange/ (mail.xyz.com is your public FQDN. If you
input Public IP address of SBS Server when creating Certificate, you have
to access via IP address like https://XXX.XXX.XXX.XXX/remote/ or
https://XXX.XXX.XXX.XXX/exchange/)

Additional info:

Users cannot connect to remote desktops by using the Windows Small Business
Server 2003 Remote Web Workplace
http://support.microsoft.com/?id=886209

If the issue persists, please kindly help me collect some information for
further investigation:

1. Did you meet any error when you run CEICW?

2. Try to access the OWA via https://mail.xyz.com/exchange (please use the
Internet FQDN but not SBS server name) on internal clients, is it work?

3. Please let me know your server's OWA address, I'll do a test from my
side.

4. Collect the IIS log.

a. Open IIS snap-in.
b. Right click Default Web Site and click Properties.
c. Uncheck the "Enable Logging" box and click Apply.
d. Go to C:\WINDOWS\system32\LogFiles\W3SVC1 folder and move all files to a
backup location.
e. Check "Enable Logging" box and click OK.
f. Run IISReset command.
g. Reproduce the problem and send the log file in
C:\WINDOWS\system32\LogFiles\W3SVC1 folder to me for research.

5. Gather IIS Metabase:

1) Download the IIS Resource Kit tools from the following page:
http://www.microsoft.com/downloads/details.aspx?FamilyId=56FC92EE-A71A-4C73-
B628-ADE629C89499&displaylang=en

2) Install it, run MBExplorer (Metabase Explorer)

3) Right click the "LM" node and choose "Export to file".

4) Specify a file name, specify the password and finish the export.

5) Send the file and the password to v-terliu@xxxxxxxxxxxxxx

Hope the above info helps. Please feel free to let me know if you have any
questions or concerns.

Thanks and have a nice day!

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Thread-Topic: Problems accessing SSL encrypted webpages in SBS 2003
| thread-index: AccvYLULnbNdZuu9TOyIvK/GddCPrw==
| X-WBNR-Posting-Host: 196.2.124.252
| From: =?Utf-8?B?cGFudGVyYV96YQ==?= <pantera_za@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: Problems accessing SSL encrypted webpages in SBS 2003
| Date: Wed, 3 Jan 2007 09:58:00 -0800
| Lines: 38
| Message-ID: <8FBEDBEF-D9E1-461A-9D68-C86541B1C5FF@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 8bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:7893
| NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| I recently installed SBS 2003 Standard Edition (No ISA server) and am
trying
| to set it up so that I can access OWA (Outlook Web Access), and RWW
(Remote
| Web Workplace). Unfortunately this doesnâ??t seem to be working at all.
|
| So far, I have gotten the exchange server and everything else working
quite
| well, but I still canâ??t get access from outside (via the internet) to
any SSL
| protected web pages. If I disable SSL encryption, I am able to access the
| pages.
|
| The server is connected to a D-Link DSL-G604T Wi-Fi ADSL modem router,
and
| DNS forwarding is being handled by No-IP client running on the server.
The
| company is using a WebAfrica ADSL account.
|
| I have forwarded all relevant ports on the router (80, 8080, 443, 444). I
| have opened all ports that were stated in the Getting Started Appendix C,
and
| forwarded them to the server IP address on the LAN.
|
| Port forwarding is working, as I can access the pages if they are not
| encrypted. Also if I access the pages from a browser that does not
support
| SSL (I used Opera Mini on my cell phone), I am also able to access the
pages.
|
| A more detailed description of the problem is as follows:
|
| Each time I try and connect to the pages mentioned above via a PC, IE
| displays a warning message about the server's certificate being invalid.
| Obviously the certificate is invalid as it is issued by a CA that is not
| trusted, but this is acceptable in the current situation, so I click
| continue, and it just hangs there for a very long time, finally saying
| something like: "The page you have requested could not be displayed".
|
| If I access the pages from clients connected to the LAN, it still gives
me
| the certificate error, but once I click continue, it opens up the webpage
| without problems.
|
| Is this a problem with the SBS server setup? I have run the Internet and
| Email wizard a number of times, and allowed access to the specific
services.
|
| Any help will be appreciated, and thanks in advance...
|

.

Relevant Pages

  • Re: HTTPS-HTTPS web publishing
    ... After a couple of tweaks to publishing rules ... the sbs company web, owa, portal server, and project server are working over ... > Here's an article that deals with exporting the SSL cert from your web ... >> access the internet fine. ...
    (microsoft.public.isa)
  • RE: SSL Publishing to WEB Server and Disable Binding
    ... To answer your concern, you can feel to publish this SSL web site, and the ... Socket pooling causes Internet Information Services ... pooling won't impact the default web site on the SBS server. ...
    (microsoft.public.windows.server.sbs)
  • RE: Server Re-Setup Help
    ... Can I conform to your network topology as follows: ... ->SBS server ... the SBS server box is the same as the internet computers although they are ... server is transferred in internet since they have different public IP. ...
    (microsoft.public.windows.server.sbs)
  • Re: Email....what to do part2 :)
    ... If you've run the Configure Email and Internet Connection wizard ... SBS server so be sure to have the appropriate number of SBS CALs. ... router is handling the DHCP ...
    (microsoft.public.windows.server.sbs)
  • RE: Connecting to my SBS Server from the Internet
    ... I notice that after you changed some configuration in Directory Security ... Server Management. ... In the right pane, click Connect to the Internet, and then click Next. ... Connecting to my SBS Server from the Internet ...
    (microsoft.public.windows.server.sbs)
Loading